Privacy Policy

Last updated: 26 February 2026

Grimmor OÜ (“Grimmor”, “we”, “us”, “our”), registry code 17343626 and registered address at Jõe street 3-315, 10151 Tallinn, Estonia, processes the data of persons who use the virtual shopping and selling platform in a mobile application Grimmor or online www.grimmor.com or use our services (hereinafter the Platform).

General provisions

This Privacy Policy sets out the data that we collect, the reasons for which we collect the data, and how we use and share the data. Specifically, this Privacy Policy describes our practices regarding:

  • How and what data do we collect
  • How do we use your personal data
  • About cookies and other identifiers
  • Who we share data with
  • International transfers
  • Keeping your personal data safe
  • How long do we retain your personal data for
  • Are children allowed to use Grimmor Platform
  • Your data protection rights
  • How to complain
  • Updating this Privacy Policy
  • Our contact details

You acknowledge that by using the Platform, you have reviewed the Privacy Policy. The Privacy Policy is incorporated by reference into our Terms and Conditions. By using our Platform, you are consenting to the practices described in this Privacy Policy.

Our Platform may contain links to and from other websites. This Privacy Policy does not apply to those websites as they have their own privacy policies. Thus, we do not assume any responsibility or liability for those websites. So please check their policies before you submit any personal data to those websites.

Grimmor considers the privacy of individuals and the protection of personal data a priority and takes all possible measures to guarantee the security and safety of the Platform.

Definitions

User (also referred as “you”) means a person who creates an account on the Platform or uses the services offered on the Platform.

Vendor means any professional brand, retailer, or individual user who lists and offers products for sale on the Platform and acting as an independent data controller responsible when fulfilling your order, shipping the goods, and handling returns.

Processing of personal data means viewing, collecting, recording, storing, modifying, transmitting or receiving personal data and other operations related to personal data.

Personal data is any data from or about an identified or identifiable person but does not include aggregated or anonymized data.

Platform means virtual buying and selling environment offered in the Grimmor mobile application and www.grimmor.com including services provided by Grimmor through the Platform for account creation, management, mediation of purchase and sale transactions and other services described in the Terms and Conditions.

How and what data do we collect?

To use the Platform and our Virtual Try-On functionality, you need a Grimmor account. For this, you need to register as a User on Grimmor mobile application. This means that you enter into a legally binding agreement with us.

When you use our Platform, we collect and process the following personal data about you.

(1) Personal data you provide us

When you create an account, use the Platform, or communicate with us, we collect the information you provide directly. The information you provide us with includes, without limitation, the following information:

  • Account registration data includes your name, email address, phone number, and password when you sign up.
  • Virtual Try-On Data. To use this feature, you provide photos of your face and body, and input body measurements (height, weight, shoe size) and outfit preferences. We use this data solely to visualise clothing fit and do not use it to uniquely identify or authenticate you (i.e., we do not process biometric data for identification purposes).
  • Purchase & Delivery Data. When you buy a product, you provide your name, email address, phone number, shipping and billing address (for delivery coordination).
  • Communications and feedback. Information you provide to subscribe to our newsletters, updates and other special offers, including your email address and the subject for which you wish to receive information about (marketing preferences), or any other information you decide to provide us with. You may always unsubscribe from these emails by following the instructions included. Also, information you provide when you contact support or respond to surveys.
  • User Content. Any photos, comments, or messages you voluntarily post on the Platform. Please be aware that if you disclose personal data in public areas of the Platform, you do so at your own risk.

(2) Data we receive from other sources and generated data

We may receive data about you from third parties or generate data during your use of the Platform:

  • Your order’s invoice from Vendor to enable you to keep record of your purchases and easily manage information for any claims you might decide to proceed with.
  • Payment service providers. We only receive and store limited payment data including amount, currency, payment status, payment method, transaction reference number and risk score generated by our payment service providers to ensure security. We do not receive full card details.
  • Delivery information. From Vendors and shipping providers, we receive tracking IDs and delivery status updates.
  • Usage, device, and attribution data from analytics providers to help us understand how our Platform is used and how users find Grimmor.
  • Campaign and referral information from marketing and social media platforms.
  • Social login data. If you log in via Apple or Google, we receive your name and email address as permitted by your settings.
  • Fraud and security signals from service providers to protect our Platform.

We do not receive or store passwords, or private messages from these third parties.

(3) Automatically collected personal data

Most of the data we collect is technical in nature and processed automatically via SDKs and APIs. The data we collect by automated means may include, without limitation:

  • Device information, including IP address, device type, manufacturer, and model, operating system and app version, language, time zone, and region, unique device or app identifiers.
  • Usage and interaction data, including features used and actions taken in the app, searches performed, looks viewed, liked, commented on, or shared, items added to or removed from shopping carts or wishlists; subscription, credit, and wallet activity.
  • Media and AI usage data, including metadata associated with uploaded photos and AI-generated images; information about AI generation requests (such as time, type of generation, and technical parameters), performance and quality data related to AI processing.
  • Network and approximate location information, including approximate geographic location (such as country, city, or region) derived from IP address, network connection types and basic connectivity information. We do not collect precise GPS location or scan nearby Wi-Fi or Bluetooth devices.
  • Analytics data, including unique device identifiers, IP addresses, and usage data regarding your interactions with the app to analyse performance and user behaviour.

How do we use your personal data?

We process personal data to enable User to use the Platform, including for mediation of purchase and sale transactions, administer your Grimmor account, also when it is necessary for the administration of the Platform and to optimise your experience, improve and develop the Platform.

For each purpose we process personal data for, we must have legal grounds (known as a ‘legal basis’) under data protection law. Next short explanation gives you an overview about each ‘legal basis’ that helps you to understand the explanation below:

  • Performance of a contract: when it is necessary for Grimmor (or a third party) to process your Personal Data to provide you with the services we promised you under Grimmor Terms and Conditions. Where the legal basis for processing personal data is performance of a contract, and you choose not to provide the information, you may be unable to use the Platform.
  • Consent: when we ask you to actively indicate your agreement to our use of your personal data for a certain purpose which you have been informed of. Where we rely on consent to process your personal data, you can withdraw your consent from such activities at any time. Withdrawal of the consent does not affect the lawfulness of any processing which took place prior to you giving us your consent.
  • Legitimate interests: when we process your personal data relying on legitimate interest. This includes our commercial and non-commercial interest in providing an innovative, personalised and safe service to you, and other third parties. If you would like more information about this, please contact us using the methods set out in this Privacy Policy.
  • Compliance with legal obligations: when we must process personal data to comply with a law or regulation in the markets we operate in, such as to comply with our obligations under tax and accounting laws or when we are obliged to give personal data to law enforcement agencies.

Grimmor uses personal data for the following purposes depending on how you interact with us, which Grimmor services you use, and based on your activity across the devices where you log in to or interact with Grimmor:

  1. Order fulfilment and delivery. We collect and process your data including your name, addresses, phone number, and order details, like the products you are buying, the size and price. This is necessary to transfer the relevant information to the Vendor, who is responsible for arranging the delivery and fulfilling your order. Legal basis is the performance of a contract with you. After the order is placed, we retain your order history in your User account to provide you with an overview of your purchases or sales (performance of contract) and to comply with our accounting and legal obligations regarding the transaction if this legal obligation lies on us.
  2. To provide Platform and services. To provide you with the services and operate the Platform. This includes creating and maintaining your account, displaying your purchase history and order status in one central location, and facilitating secure payment options when you shop. We need to process this data to fulfil our obligations to you under the Terms and Conditions and to facilitate your purchases.
  3. To process your payment and prevent fraud. When you make a payment, your payment data (including credit or debit card number, cardholder’s name and CVV) is transmitted directly to our authorised payment service providers via secure encrypted connection. We do not store your raw payment card information. However, to manage the transaction and ensure security, we receive and store payment confirmation details, including the amount, currency, payment method, transaction reference number, and fraud risk indicators (risk score) provided by the payment processor. To process your payment and facilitate the order our legal basis is the performance of a contract. To detect and prevent fraud and misuse of the Platform using the transaction data and risk scores is our legitimate business interest in protecting our Platform, our Vendors, and our Users. We also retain transaction records based on our legal obligation (tax and accounting laws).
  4. To provide personalised experience. To verify your preferences and recommend features or products that match your style (such as “Outfit of the Day”) directly within the Platform. We analyse your browsing behaviour and outfit selections to tailor the content you see. We may process for this your browsing history, device data, shopping preferences, outfit styles selected, internal identifiers. The legal basis is the performance of a contract as our Platform’s core service is styling.
  5. Direct marketing and newsletters. To send you newsletters, special offers, and promotional materials via email or push notifications. For this, we process your name, email, purchase history, browsing history and behaviour, device data, shopping and outfit styles preferences, internal identifiers and country. The legal basis is your consent.You may withdraw your consent and unsubscribe from marketing communications at any time by modifying your preferences in your account profile or by clicking the “unsubscribe” link in any promotional email. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. After you withdraw your consent, we will stop sending you marketing communications, but we may continue to process your personal data for other purposes where we have a different legal basis (such as order fulfilment or compliance with legal obligations).
  6. To provide you with the Virtual Try-On Feature, recommend you the sizes and customised outfits. To provide you with this service we use a third-party AI model, an artificial intelligence and image processing algorithms to analyse your photo and body measurements and render the clothing on your photo. This processing is necessary to provide you with the service (i.e., to deliver the Virtual Try-On service you have requested). We process your photos and body measurement data based on your consent. You provide this consent when you voluntarily upload a photo to use the Virtual Try-On feature.Your photos and body measurements are solely used to generate a visual simulation of how selected clothing items would fit your body shape. We strictly do not use this data to identify you in other contexts, nor do we cross-reference it with other databases or share it with third parties for surveillance or identification purposes. We do not create or store unique biometric face templates for the purpose of identification. Our technology is strictly limited to visual fitting. We do not analyse your photos to detect emotions, personality traits, or health conditions. Therefore, this processing does not qualify as ‘facial recognition’ or processing of ‘biometric data’ under Article 9 of the GDPR or the Council of Europe Guidelines.The Virtual Try-On feature uses automated processing (AI algorithms) to generate visual simulations. The AI try-on feature generates an illustrative visualisation using a personalised avatar. To enhance visual appeal and professionalism, the try-on image might undergo pose refinement and background replacement. It means that your images may be automatically adjusted by the AI (e.g. lighting, posture) solely to enable this visualisation.This processing does not involve automated decision-making that produces legal effects or similarly significantly affects you. The results are purely visual recommendations to assist your shopping experience, and all purchase decisions remain entirely within your control. You are free to ignore the recommendations and make your own choices.You can withdraw your consent at any time by deleting your photo on the Platform.
  7. To provide you with customer services. To communicate with you about our services and your transactions, including when you contact us to help you to solve any issue you have with our Services or about your account or with any other User, and to let you know about the changes in our policies and terms, we might use your name, email, order history, partial payment information, addresses and your contact history with us. The legal basis is the performance of a contract with you and our legitimate interests in retaining you as a customer.
  8. To track and implement your settings and privacy preferences. With Grimmor so that each time you return to your account or log-in you may enjoy previously selected settings. The legal basis is our legitimate interest to ensure the functionality, usability, and convenience of the Platform and legal obligation to comply with data protection laws by remembering your choice to accept or reject cookies/tracking.
  9. To obtain feedback from you. Regarding the Platform, we process your name, email, phone number, and your response to our inquiries about the quality of the Service and your contact history with us. Legal basis is our legitimate interest in improving the quality of our services, developing the Platform features, and understanding User experience.
  10. To administer, optimise and develop our Platform and services, we use your device data, including IP address, device type, manufacturer, model, operating system, app version, language, time zone, region, unique device, advertising, or app identifiers. The legal basis is our legitimate interest in running our business.
  11. For research and analysis. To produce aggregated statistical reports, we may use your order history, followers, following, likes, closet items and favourites, provided that the result of such reports do not identify you. The legal basis is our legitimate interest in running our business and improving our website.
  12. For legal proceedings and compliance with the law. We may process your data to comply with applicable law (including retaining records of your consents to demonstrate compliance) or respond to valid legal requests, including court orders, requests from law enforcement or other compulsory disclosures, and to enforce our Terms and Conditions or other policies also to further our legitimate interest in protecting our rights, property, or safety and the rights, property and safety of the Platform, our users or the public. The legal basis is either legal obligation or our legitimate interest (e.g., for the establishment, exercise, or defence of legal claims).

About cookies and other identifiers

To enable our systems to recognise your browser or device and to provide and improve Grimmor Platform, we use cookies and other identifiers. For more information about cookies and how we use them, please read our Cookies and Similar Technologies Policy.

Who we share your data with

In certain circumstances, we may share your personal data with third parties without further notice to you, unless legally required, including without limitation in the situations below:

  1. Sharing with Vendors. Since Grimmor acts as a marketplace connecting you with fashion brands who act as Vendors, we must share certain data regarding your purchase. Purpose of this is to enable the Vendor to fulfil your order and arrange the delivery of your goods. For this purpose, we share your name, contact data (phone number, email address), shipping address, order details and delivery instructions if you have provided these. Please note that the Vendor acts as an independent data controller regarding your order fulfilment and shipping.
  2. Sharing with other third parties. We rely on carefully selected third-party service providers to help us operate the Platform and provide our services. These parties process data on our behalf and strictly under our instructions:
  • To ensure your order reaches you, we may transfer your shipping address and contact details to the Vendor and their designated delivery service providers. As the Vendor is responsible for the fulfilment and shipping of your goods, this data transfer is strictly necessary to perform the delivery contract.
  • Payment service providers that we use to process your payments securely. Note that payment providers typically act as independent controllers for the financial transaction data. When you make a payment, we encourage you to read the service provider’s privacy policy as this applies to the processing of your personal data.
  • Analytics and search engine providers, like Google, help us understand how the Platform is used.
  • Customer service management providers that allow us to provide our customer services and improve and manage your customer experience.
  • Marketing/advertising tools providers that help us improve our marketing.
  • Cloud infrastructure and storage providers to host the Grimmor Platform and to store and deliver user content, including uploaded photos and AI-generated images.
  • To provide Virtual Try-On and AI-generated imagery, we use specialised third-party technology providers that help us process your photos and body measurements to generate the virtual try-on visualisation.
  1. To comply with legal requests and to prevent harm. We share your personal data when it is necessary to (a) comply with applicable law or respond to, investigate, or participate in valid legal process and proceedings, including from law enforcement or government agencies or other public and government authorities, which may include authorities outside your country of residence; (b) to secure and protect the services, rights, privacy, safety, and property of Grimmor, you, and others, including against malicious or fraudulent activity; (c) to enforce or investigate potential violations of our terms or policies and (d) to resolve disputes and enforce agreements. Where we consider it appropriate, and provided we are not prohibited from doing so by law or court order, we will attempt to notify you of these legal demands.
  2. Aggregated data with third parties. We may aggregate your data with the data of other customers, creating a dataset of data about the usage of our website, purchase of products, and other general, grouped data about our customers. The legal basis is our legitimate interest in understanding the usage of our Platform and demand for our services. This dataset is aggregated and anonymised in such a way that you as an individual cannot be identified or re-identified. Once properly anonymised, this data is no longer considered personal data under GDPR. As it provides valuable insight into the use of our Platform, we may share it with select third parties. These parties may include Vendors (to allow them to better stock products), and our investors.
  3. Other users. When you share, post or like content publicly or to the other Users on the Platform.
  4. In case we are considering a corporate transaction. If we enter or intend to enter a transaction that modifies the structure of our business, such as reorganisation, merger, sale, change of control, or other disposition of all or part of our business, assets, or stock, we may share your data with third parties in connection with such transactions. If we buy or sell any business or assets, your personal data may be one of the assets that are transferred.

International transfers

By using our Platform, you understand and acknowledge that your personal information will be transferred from your location to facilities and servers in the EU/EEA.

Users’ personal data is primarily processed within the European Union. In certain situations, such as when we share your information with Vendor or third-party service provider, your personal data may be transferred outside the EU/EEA. In such cases, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission. This means that the recipient guarantees that the level of protection for your personal data afforded by the relevant data protection laws still applies, and that your rights are still protected. In these cases, we also assess whether there are laws in the recipient country that affect the protection of your personal data. Where necessary, we take technical and organisational measures so that your data remains protected during the transfer to the relevant country.
  • Adequacy decisions confirming the third country provides adequate protection. If the relevant authority (e.g. the EU Commission) has decided that the country to which your personal data is transferred has an adequate level of protection, which corresponds to the level of protection afforded by the relevant data protection laws.
  • Data Privacy Framework. If the transfer is covered by a relevant data privacy framework, such as the EU-US Data Privacy Framework (dataprivacyframework.gov), which is an opt-in certification scheme for US companies, administered by the US Department of Commerce.

For users located in the United Kingdom, transfers of personal data outside the UK are governed by UK GDPR and are subject to equivalent safeguards, including the UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU Standard Contractual Clauses, or adequacy regulations made by the UK Secretary of State. Your data is afforded the same level of protection as described above.

Keeping your personal data safe

Grimmor takes necessary measures to provide a level of security appropriate to the risk associated with processing Personal Data. We maintain organisational, technical, and administrative measures designed to protect the Personal Data covered by this Privacy Policy from unauthorised access, destruction, loss, alteration, or misuse. However, no method of transmission over the Internet, and method of electronic storage, can be totally secure. This means also Grimmor cannot guarantee the absolute security of your Personal Data.

Therefore, Grimmor encourages you to assist us in protecting your Personal Data. If you have an account with Grimmor, you can do so by using a strong password, safeguarding your password against unauthorised use, and avoiding using identical login credentials for other services or accounts. If you have any suspicions that your Grimmor account’s security has been compromised, please contact us immediately.

We have implemented appropriate technical and organisational controls to protect your Personal Data against unauthorised processing and against accidental loss, damage or destruction. These measures include:

  • Encryption of personal data in transit and at rest,
  • Secure access controls and authentication mechanisms,
  • Segmentation of production systems and restricted access to databases,
  • Regular security updates, vulnerability management, and patching,
  • Logging and monitoring of system activity,
  • Secure backup and recovery procedures, and
  • Use of reputable cloud infrastructure and data storage providers.

Access to personal data is strictly need-based and related to the fulfilment of Grimmor employees’ obligations arising from the employment contract or job description. In certain cases, limited access to personal data may also be granted to Vendors and service providers who provide us with specific services (e.g. cloud hosting providers, payment processors, customer support tools, analytics providers, and AI and image-processing service providers).

How long do we retain your personal data for?

We keep your personal data only as long as necessary to provide you with Grimmor Platform and services and for the purposes described above or as long as you decide to erase it. This means that the retention periods will vary according to the type of personal data and the reason that we have collected it in the first place.

  • We retain your personal data for as long as you have an account with Grimmor and you keep using our services or we have your consent if the processing is consent-based. We retain your personal data until you remove/delete it or ask us to do it for you, except for data we are required to retain by law (such as transaction history). It’s your right to request that we delete your certain data or an account.
  • If you have not logged in or used your account for a period of 2 years, your account will be automatically deactivated. We will send you a notification email 30 days before deactivating your account. Following deactivation, your account will be kept in a suspended state for 3 months. During this time, you may contact us at privacy@grimmor.com to request the reactivation of your account. If we do not receive a reactivation request within this period, your account and personal data will be permanently deleted, except for data we are required to retain by law (such as transaction history).
  • We retain data in the event of disputes until the claim is resolved or the statutory limitation period for such claims expires (typically 3 years under Estonian law for contractual claims, unless a different period applies).
  • We retain data about instant messages between you and the Customer Support Team directly in the Grimmor Platform for 12 months, except in cases where messages are related to a reported incident or in the event they are related to a dispute, in which cases we will store them for 3 years from the date the matter is closed.

Please note that even if you delete your account or it is deactivated due to inactivity, we are required to retain certain personal data to comply with our legal obligations and to protect our legitimate business interests. We will not retain your data for longer than is necessary for these purposes. Specifically, we retain data in the following cases:

  • Legal Claims and Consumer Disputes: We may retain data related to your orders and contracts (e.g., purchase history, correspondence regarding claims) for 3 years after the transaction to settle any potential disputes in accordance with the statutory limitation periods under Estonian law.
  • Enable fraud monitoring, detection, and prevention activities.
  • Accounting and Tax Compliance. To comply with our tax, accounting, and financial reporting obligations, including when such retention is required by our contractual agreements with our financial service providers (and where data retention is mandated by the payment methods you’ve used). Financial and accounting records are retained for 7 years to comply with Estonian tax and accounting legislation.

Please note that uninstalling the Grimmor mobile application from your device does not automatically delete your personal data from our systems. Your account and data will remain active. If you wish to delete your account and personal data, please contact us at privacy@grimmor.com or use the account deletion function in your account settings.

For more information on how long we store your personal data or the criteria we use to determine this please contact us.

Are children allowed to use Grimmor Platform?

Our Platform is not intended for Users under the age of 18. We do not knowingly collect personal data from children under 18. By using our Platform, you confirm that you are at least 18 years old.

If we become aware that anyone under the age of 18 has submitted personal data to our Platform, we will delete that data immediately and will not use it for any purpose whatsoever. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@grimmor.com.

Your data protection rights

The rights available to you depend on where you are located. The core rights described below apply to all users. Additional rights for users in specific regions are set out in the supplemental sections that follow.

Rights available to all users

Under the data protection laws applicable to you, we must have a “lawful basis” for collecting and using your personal data. Which lawful basis we rely on may affect your data protection rights which are set out in brief below.

  1. Right to access. You have the right to ask us for copies of your personal data. You can request other data such as details about where we get personal data from and who we share personal data with.
  2. Right to rectification. You have the right to ask us to correct or delete personal data you think is inaccurate or incomplete.
  3. Right to erasure. You may also request that your personal data be erased subject to certain statutory exceptions if the personal data is no longer necessary for the purposes for which it was collected, or if you consider that the processing is unlawful or wish to erase your account and profile in our Platform.
  4. Right to restriction of processing. In some cases, you have a right to ask us to limit how we can use your personal data.
  5. Right to object to processing. You are entitled to object to processing of personal data, if the processing of your personal data is based on legitimate interest.
  6. Right to data portability. You have the right to ask if we transfer the personal data you gave us to another organisation, or to you.
  7. Right to withdraw your consent. In cases where the processing is based on your consent, you have the right to withdraw your consent at any time. You have the right to opt out of receiving promotional communications at any time by following the instructions in those communications.
  8. File a complaint. If you have any concerns regarding the processing of your personal data, you have the right to lodge a complaint with the relevant supervisory authority for your region. Details of the relevant authority are set out in the supplemental sections below.

To make a data protection rights request, please contact us at privacy@grimmor.com. If you make a request, we must respond to you without undue delay and in any event within one month.

Supplemental provisions for users in the United States

If you are located in the United States, the following additional provisions apply to you. We process the personal data of US-based users in accordance with applicable US state privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (CPRA), Virginia CDPA, Colorado CPA, and other applicable state laws.

Categories of personal information we collect

In the preceding 12 months, we have collected the following categories of personal information, as defined under CPRA:

  • Identifiers, such as name, email address, phone number, IP address, and unique device identifiers.
  • Personal information categories listed in the California Customer Records statute, such as name, address, and payment information.
  • Commercial information, such as purchase history and products considered.
  • Internet or other electronic network activity, such as browsing history and interactions with our Platform.
  • Inferences drawn from personal information to create a profile about preferences and shopping behaviour.
  • Sensitive personal information, including account login credentials and photos/body measurements used for Virtual Try-On (collected and used solely for the purpose of providing the Virtual Try-On service).

We do not sell your personal information as defined under CPRA. We may share certain personal information with third-party advertising and analytics partners, which may constitute ‘sharing’ for cross-context behavioural advertising purposes under CPRA.

Your rights under US state privacy laws

Depending on the state in which you reside, you may have some or all of the following rights:

  • Right to know. You have the right to know what personal information we collect about you, the categories of sources from which it is collected, the purposes for which it is used, the categories of third parties with whom it is shared, and the specific pieces of personal information we hold about you.
  • Right to deletion. You have the right to request that we delete personal information we have collected from you, subject to certain exceptions.
  • Right to correct. You have the right to request that we correct inaccurate personal information we hold about you.
  • Right to opt out of sharing. You have the right to opt out of the sharing of your personal information for cross-context behavioural advertising. To exercise this right, please contact us at privacy@grimmor.com or use the “Do Not Share My Personal Information” option in your account settings.
  • Right to limit use of sensitive personal information. You have the right to direct us to limit our use of your sensitive personal information to the purpose for which it was collected. We use your sensitive personal information (photos and body measurements) solely to provide the Virtual Try-On feature and for no other purpose.
  • Right to non-discrimination. We will not discriminate against you for exercising any of your rights under applicable US state privacy laws. We will not deny you goods or services, charge you different prices, or provide a different quality of service because you exercised your privacy rights.

To exercise any of these rights, please contact us at privacy@grimmor.com. We will respond to verifiable consumer requests within 45 days. We may need to verify your identity before processing your request.

Authorised agents. California residents may designate an authorised agent to make a request on their behalf. We may require verification of the agent’s authority to act on your behalf.

Shine the Light. California residents may also request, once per year, information about the personal information we have shared with third parties for their direct marketing purposes during the preceding calendar year. To make such a request, please contact us at privacy@grimmor.com.

Supplemental provisions for users in Canada

If you are located in Canada, the following additional provisions apply to you under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation, including Quebec Law 25 (Law 25).

Consent. We collect, use, and disclose your personal information with your consent, except where permitted or required by law. By using our Platform, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy. You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice, by contacting us at privacy@grimmor.com. Please note that withdrawal of consent may affect our ability to provide you with certain services.

Cross-border transfers. Your personal information may be transferred to and processed in countries outside Canada, including in the European Union and the United States. When we transfer your personal information outside Canada, it may be subject to the laws of those jurisdictions, and may be accessible to law enforcement and national security authorities of those jurisdictions. We take steps to ensure that your personal information receives a comparable level of protection as it would in Canada, including through the use of contractual safeguards.

Your rights. You have the right to access the personal information we hold about you and to request correction of any inaccurate information. You also have the right, in certain circumstances, to request deletion of your personal information. To exercise these rights, please contact our Privacy Officer at privacy@grimmor.com.

Quebec residents. If you are a resident of Quebec, you have additional rights under Law 25, including the right to data portability (to receive your personal information in a structured, commonly used technological format) and the right to restrict the use of technology that allows identification, geolocation, or profiling. To exercise these rights, please contact us at privacy@grimmor.com.

Privacy Officer. Our designated Privacy Officer can be contacted at privacy@grimmor.com. If you have a concern about our personal information handling practices, you may also contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.

Supplemental provisions for users in Australia

If you are located in Australia, the following additional provisions apply to you under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Collection of personal information. We collect personal information about you only where it is reasonably necessary for, or directly related to, one or more of our functions or activities as described in this Privacy Policy. Where practicable, we collect personal information directly from you.

Sensitive information. The photos and body measurements you provide for the Virtual Try-On feature are handled with a higher level of protection consistent with the treatment of sensitive information under the Privacy Act. We collect and use this information only with your consent and only for the purposes for which it was collected.

Cross-border disclosure. We may disclose your personal information to recipients located overseas, including in the European Union, Estonia, and the United States. Before disclosing your personal information overseas, we take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to that information.

Your rights. You have the right to access the personal information we hold about you and to request correction of any information that is inaccurate, out of date, incomplete, irrelevant, or misleading. We will respond to requests for access or correction within a reasonable period. If we refuse access or correction, we will provide you with reasons for our refusal and information about how you may complain about the refusal.

Complaints. If you are not satisfied with how we have handled your personal information, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au. We ask that you contact us first so that we have an opportunity to resolve your concern.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us at privacy@grimmor.com.

When submitting a complaint, please include your contact details, a description of your concern and any relevant supporting information.

We will answer your request within a reasonable time, but no later than one month after receiving the request.

If you are not satisfied with our response, you have the right to lodge a complaint with the supervisory authority relevant to your location:

  • EU/EEA: Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), www.aki.ee, who is our lead supervisory authority, or your local data protection authority.
  • United Kingdom: Information Commissioner’s Office (ICO), www.ico.org.uk.
  • United States: You may contact your state attorney general or applicable state consumer protection authority.
  • Canada: Office of the Privacy Commissioner of Canada, www.priv.gc.ca, or your applicable provincial privacy commissioner.
  • Australia: Office of the Australian Information Commissioner (OAIC), www.oaic.gov.au.

To protect your personal data from unauthorised access or deletion, we may require you to verify your identity before we process any request to know or delete personal data. If we cannot verify your identity to our satisfaction, we will not provide or delete your personal data.

Updating this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our privacy practices. If we make any significant changes and affect how your data may be processed, we will notify you (via this page or any of the means you provided us with).

We encourage you to periodically review this page for the latest data on our privacy practices.

The updated Privacy Policy will be effective as of the time of posting, or such later date as may be specified in the updated Privacy Policy.

Our contact details

If you have any questions about our Privacy Policy or any other privacy related issue, please contact us at privacy@grimmor.com.

Grimmor OÜ contact information:

Jõe street 3-315

10151, Tallinn

Estonia